[Mailman-Users] spam, spamcop and mailman moderation
Brad Knowles
brad at shub-internet.org
Mon Nov 13 19:20:20 CET 2006
At 4:18 PM +0900 11/13/06, stephen at xemacs.org wrote:
> > Signed mail causes the CPU of the mail server to have to do expensive
> > crypto calculations that are many, many orders of magnitude beyond
> > anything that had ever been done in the past, on a per-message basis.
>
> If you insist that the server do the signature, yes. Did you miss the
> part where I said you have to educate users for this to work?
No amount of user education is going to help. First off, they need
to be running suitable software. Very little client-side software
supports DKIM or other similar sorts of technologies, and this kind
of thing is pretty useless if it's not widely implemented.
DKIM was specifically designed so that it could slip in as a "shim"
on the server side, to start ramping up this process quickly, because
they knew it would take a long time to be supported on the majority
of clients.
But the problem is that it *has* to be supported on the server
receiver in order to be useful at all -- that's the only place where
you can do those calculations while the sender is being held open, so
that you can make a decision as to whether or not to accept that
message.
Otherwise, you might as well just blindly accept everything in the
first place, and let the client deal with all problems.
> > At that point, you might as well just shut down all Internet e-mail anyway.
>
> For those who don't sign their messages, yes. The rest of us will be
> back in the friendly-user world because only our friends will be able
> to send us mail. :-/
Not really, no. Because only the spammers will have enough CPU power
necessary to do all those calculations. No recipient system will be
capable of doing massive crypto calculations for each and every
message that is received, so they will all get buried under the load.
> > Actually, spammers have totally unlimited CPU power available to
> > them, so they might be the only ones on the planet who are able to
> > handle doing signed e-mail for all messages.
>
> Because they are using owned machines, you mean. Well, if those
> machines can do crypto for the spammers, they can do crypto for their
> nominal owners. And if email is going to survive, by your
> projections, they're going to have to.
It doesn't matter where or how the spammers get their CPU cycles,
what matters is that they have them, and they continue to get more of
them at a faster rate than the rest of us can stand up new servers to
deal with the massive waves of spam.
We're losing this war, and we're losing it faster and faster every day.
> > It doesn't matter that the signed message is actually traceable back
> > to a particular person, it just matters that it's signed.
>
> Then it's just hashcash, and it can't scale. We already knew that.
Yup.
--
Brad Knowles, <brad at shub-internet.org>
Trend Micro has announced that they will cancel the stop.mail-abuse.org
mail forwarding service as of 15 November 2006. If you have an old
e-mail account for me at this domain, please make sure you correct that
with the current address.
More information about the Mailman-Users
mailing list